Server Neglect

About This Episode

Authors of one of the most infamous botnets of all time get busted, researchers discover keyloggers built into HP Laptops, the major HomeKit flaw no one is talking about, and the new version of FreeNAS packs a lot of features for a point release.

Plus an update on the show and what to expect, and we attempt something TechSNAP could never do as a video production, a live double FreeNAS upgrade!

Episode Links

Mirai IoT Botnet Co-Authors Plead Guilty — Krebs on Security — The U.S. Justice Department on Tuesday unsealed the guilty pleas of two men first identified in January 2017 by KrebsOnSecurity as the likely co-authors of Mirai, a malware strain that remotely enslaves so-called “Internet of Things” devices such as security cameras, routers, and digital video recorders for use in large scale attacks designed to knock Web sites and entire networks offline (including multiple major attacks against this site).

HP keylogger - ZwClose Blog Post — TL;DR: HP had a keylogger in the keyboard driver. The keylogger saved scan codes to a WPP trace. The logging was disabled by default but could be enabled by setting a registry value (UAC required)

Apple Releases iOS 11.2.1 Update With HomeKit Fix — According to Apple's release notes, the update re-enables remote access for shared users of the Home app. Apple broke remote access for shared users when implementing a fix for a major HomeKit vulnerability last week.

FreeNAS 11.1 Released — The FreeNAS Development Team is excited and proud to present FreeNAS 11.1! FreeNAS 11.1 adds cloud integration, OpenZFS performance improvements, including the ability to prioritize resilvering operations, and preliminary Docker support to the world’s most popular software-defined storage operating system. This release includes an updated preview of the beta version of the new administrator graphical user interface, including the ability to select display themes. This post provides a brief overview of the new features.

Process Doppelgänging Attack — Dubbed ‘Process Doppelgänging‘ by Tal Liberman and Eugene Kogan of EnSilo, the attack was demonstrated during Black Hat Europe 2017 security conference in London earlier today. Doppelgänging, a fileless code injection technique, works in such a manner that an attacker can manipulate the way Windows handles its file transaction process and pass malicious files even if the code is known to be malicious.

Process Doppelgänging - Black Hat Europe 2017 — By using NTFS transactions, we make changes to an executable file that will never actually be committed to disk. We will then use undocumented implementation details of the process loading mechanism to load our modified executable, but not before rolling back the changes we made to the executable. The result of this procedure is creating a process from the modified executable, while deployed security mechanisms in the dark.